Vulnerabilities

ID
Packages
Summary
Published
Attributes
EEF-CVE-2026-23939
  • github.com/hexpm/hexpm.git
Path Traversal in Local File Store Backend 6 days ago
  • Fix available
  • Severity - 6.9 (Medium)
OSV-2026-311
  • OSS-Fuzz/libical
  • github.com/libical/libical.git
UNKNOWN READ in strncasecmp 6 days ago
  • Fix available
OSV-2026-308
  • OSS-Fuzz/libical
  • github.com/libical/libical.git
Heap-buffer-overflow in vcardstructured_new_from_string 25 Feb
  • Fix available
OSV-2026-307
  • OSS-Fuzz/gpsd
  • gitlab.com/gpsd/gpsd
Global-buffer-overflow in navcom_parse 25 Feb
  • Fix available
OSV-2026-304
  • OSS-Fuzz/grok
  • github.com/GrokImageCompression/grok.git
Heap-use-after-free in tf::Executor::_invoke 25 Feb
  • Fix available
CVE-2026-27468
  • github.com/mastodon/mastodon
Mastodon may allow unconfirmed FASP to make subscriptions 24 Feb
  • Fix available
  • Severity - 4.8 (Medium)
CVE-2026-27156
  • github.com/zauberzeug/nicegui
NiceGUI has XSS via Code Injection 24 Feb
  • Fix available
  • Severity - 6.1 (Medium)
CVE-2025-62512
  • github.com/piwigo/piwigo
Piwigo Vulnerable to User Enumeration via Password Reset Endpoint 24 Feb
  • No fix available
  • Severity - 5.5 (Medium)
CVE-2024-48928
  • github.com/piwigo/piwigo
Piwigo's secret key can be brute forced 24 Feb
  • Fix available
  • Severity - 2.7 (Low)
CVE-2026-27590
  • github.com/caddyserver/caddy
Caddy: Unicode case-folding length expansion causes incorrect split_path index (SCRIPT_NAME/PATH_INFO confusion) in FastCGI transport 24 Feb
  • Fix available
  • Severity - 8.9 (High)
CVE-2026-27589
  • github.com/caddyserver/caddy
Caddy vulnerable to cross-origin config application via local admin API /load (caddy) 24 Feb
  • Fix available
  • Severity - 6.9 (Medium)
CVE-2026-27588
  • github.com/caddyserver/caddy
Caddy: MatchHost becomes case-sensitive for large host lists (>100), enabling host-based route/auth bypass 24 Feb
  • Fix available
  • Severity - 7.7 (High)
CVE-2026-27587
  • github.com/caddyserver/caddy
Caddy: MatchPath %xx (escaped-path) branch skips case normalization, enabling path-based route/auth bypass 24 Feb
  • Fix available
  • Severity - 7.7 (High)
CVE-2026-27586
  • github.com/caddyserver/caddy
Caddy's mTLS client authentication silently fails open when CA certificate file is missing or malformed 24 Feb
  • Fix available
  • Severity - 8.8 (High)
CVE-2026-27585
  • github.com/caddyserver/caddy
Caddy's improper sanitization of glob characters in file matcher may lead to bypassing security protections 24 Feb
  • Fix available
  • Severity - 6.9 (Medium)
CVE-2026-27571
  • github.com/nats-io/nats-server
nats-server websockets are vulnerable to pre-auth memory DoS 24 Feb
  • Fix available
  • Severity - 5.9 (Medium)